We have released LibreSSL 2.6.3, based on OpenBSD 6.2, which will be the new
stable release series. LibreSSL 2.4.x support has also ended. LibreSSL 2.6.3
contains the following core changes from the previous stable release.

* Added support for providing CRLs to libtls - once a CRL is provided via
tls_config_set_crl_file(3) or tls_config_set_crl_mem(3), CRL checking is
enabled and required for the full certificate chain.
* Reworked TLS certificate name verification code to more strictly follow RFC
6125.
* Cleaned up and simplified server key exchange EC point handling.
* Removed inconsistent IPv6 handling from BIO_get_accept_socket(), simplified
BIO_get_host_ip() and BIO_accept().
* Added definitions for three OIDs used in EV certificates.
* Relaxed SNI validation to allow non-RFC-compliant clients using literal IP
addresses with SNI to connect to a libtls-based TLS server.
* Added tls_peer_cert_chain_pem() to libtls, useful in private certificate
validation callbacks such as those in relayd.
* Converted explicit clear/free sequences to use freezero(3).
* Fixed the openssl(1) ca command so that it generates certificates with RFC
5280-conformant time.
* Added ASN1_TIME_set_tm(3) to set an ASN.1 time from a struct tm *.
* Added SSL{,_CTX}_set_{min,max}_proto_version(3) functions.
* Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
* Provided a tls_unload_file(3) function that frees the memory returned from a
tls_load_file(3) call, ensuring that the contents become inaccessible.
* Implemented reference counting for libtls tls_config, allowing
tls_config_free(3) to be called as soon as it has been passed to the final
tls_configure(3) call, simplifying lifetime tracking for the application.
* Dropped cipher suites using DSS authentication.
* Removed support for DSS/DSA from libssl.
* Distinguish between self-issued certificates and self-signed certificates.
The certificate verification code has special cases for self-signed
certificates and, without this change, self-issued certificates (which it
seems are commonplace with openvpn/easyrsa) were also being included in
this category.
* Added a new TLS extension handling framework and converted all TLS
extensions to use it.
* Improved and added many new manpages. Updated
SSL_{CTX_,}check_private_key(3) manpages with additional cautions regarding
their use.
* Cleaned up and simplified EC key/curve configuration handling.
* Added tls_config_set_ecdhecurves(3) to libtls, which allows the names of the
elliptic curves that may be used during client and server key exchange to
be specified.
* Converted more code paths to use CBB/CBS.
* Removed NPN support - NPN was never standardised and the last draft expired
in October 2012.
* Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken CryptoPro
clients.
* Removed support for the TLS padding extension, which was added as a
workaround for an old bug in F5's TLS termination.
* Added ability to clamp notafter values in certificates for systems with
32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
* Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
* Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
* Provide a useful error with libtls if there are no OCSP URLs in a peer
certificate.
* Keep track of which keypair is in use by a TLS context, fixing a bug where a
TLS server with SNI would only return the OCSP staple for the default
keypair.
* If tls_config_parse_protocols(3) is called with a NULL pointer it now
returns the default protocols.
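
The two RFC 5280 time items above (the openssl(1) ca fix and the notAfter clamp for 32-bit time_t) interact, because RFC 5280 4.1.2.5 selects the ASN.1 type by year. The following is an added example, not LibreSSL code: the helper names are hypothetical and the clamp to INT32_MAX is an assumption about what a 32-bit clamp means.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative only; these helper names are hypothetical, not LibreSSL APIs. */
#define TIME32_MAX ((int64_t)INT32_MAX)   /* 2038-01-19T03:14:07Z */

/* Assumed clamp: cap notAfter at the last second a 32-bit time_t can hold. */
int64_t clamp_notafter32(int64_t t) { return t > TIME32_MAX ? TIME32_MAX : t; }

/* Epoch seconds -> UTC fields {Y,M,D,h,m,s}, independent of host time_t width. */
static void civil_from_epoch(int64_t t, int f[6])
{
    int64_t days = t / 86400, rem = t % 86400;
    if (rem < 0) { rem += 86400; days--; }
    int64_t z = days + 719468;                        /* shift epoch to 0000-03-01 */
    int64_t era = (z >= 0 ? z : z - 146096) / 146097; /* 400-year cycles */
    int64_t doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;                 /* month index, March = 0 */
    f[2] = (int)(doy - (153 * mp + 2) / 5 + 1);
    f[1] = (int)(mp < 10 ? mp + 3 : mp - 9);
    f[0] = (int)(yoe + era * 400 + (f[1] <= 2));
    f[3] = (int)(rem / 3600); f[4] = (int)(rem % 3600 / 60); f[5] = (int)(rem % 60);
}

/* RFC 5280 4.1.2.5: UTCTime (YYMMDDHHMMSSZ) through 2049, GeneralizedTime
 * (YYYYMMDDHHMMSSZ) from 2050. Returns 0, or -1 if the year is out of range. */
int rfc5280_time(int64_t t, char *out, size_t len)
{
    int f[6];
    civil_from_epoch(t, f);
    if (f[0] < 1950 || f[0] > 9999)
        return -1;
    if (f[0] < 2050)
        snprintf(out, len, "%02d%02d%02d%02d%02d%02dZ", f[0] % 100, f[1], f[2], f[3], f[4], f[5]);
    else
        snprintf(out, len, "%04d%02d%02d%02d%02d%02dZ", f[0], f[1], f[2], f[3], f[4], f[5]);
    return 0;
}

int main(void)
{
    char raw[16], clamped[16];
    int64_t not_after = 2524608000LL;  /* constructed sample: 2050-01-01T00:00:00Z */
    rfc5280_time(not_after, raw, sizeof raw);
    rfc5280_time(clamp_notafter32(not_after), clamped, sizeof clamped);
    printf("%s -> %s (changed: %d)\n", raw, clamped, strcmp(raw, clamped) != 0);
    return 0;
}
```

A clamped notAfter always lands in the UTCTime range, so a date that would have been encoded as GeneralizedTime changes both its value and its ASN.1 type.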

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.